14 matches found
Code execution in Apache Struts 1 plugin
The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
GHSA-29RM-6752-GVWV Code execution in Apache Struts 1 plugin
The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
VulnCheck KEV: CVE-2017-9791
The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
ColdFusion FlashGateway deserialization vulnerability analysis-vulnerability warning-the black bar safety net
2019 2 May 12, the official Adobe released for Adobe ColdFusion security update patch, numbered APSB19 to 10. But for the vulnerability analysis, the current online I just saw an article that https://paper.seebug.org/811/, although the article did not give too many details for our Munchkin, but...
Apache Struts 2 Struts 1 plugin Showcase OGNL code execution
Added: 06/06/2018 CVE: CVE-2017-9791 BID: 99484 Background Apache Struts is an open-source web application framework for developing Java EE web applications. The Struts 1 plugin allows developers to use Struts 1 Actions and ActionForms in Struts 2 applications. The Showcase application is an...
Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE
Remote command execution vulnerability in Apache Struts 2 Struts 1 plugin ActionMessage class error message input handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)
The version of Apache Struts running on the remote Windows host is 2.3.x. It is, therefore, potentially affected by a remote code execution vulnerability in the Struts 1 plugin showcase app in the ActionMessage class due to improper validation of user-supplied input passed via error messages. An...
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
Remote code execution
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
PT-2017-2796
Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.1.x through 2.3.x Description The issue exists due to insufficient validation of user-input data that is part of a message, allowing a remote attacker to execute arbitrary code. This can be achieved by passing a...
CVE-2017-9791
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Vulnerability warning | bucket pixel technology found in high-risk Struts2 showcase remote code execution vulnerability S2-048-the vulnerability warning-the black bar safety net
Recently, from the bucket as technology Tophant security researcher icez found Struts2 showcase application in the presence of a remote code execution high-risk vulnerabilities. Struts2 official has confirmed the vulnerability, the vulnerability number S2-048, CVE number: CVE-2017-9791, the...
Remote Code Execution (RCE)
struts2-struts1-plugin is vulnerable to remote code execution RCE attacks. These attacks are possible because the user input are not sanitized and are directly passed through messages.add to be used as a part of an error message in the ActionMessage class. This doesn't affect users of the Struts...